The study found that the chance of encountering malware in a pirated copy of software is one in three, and the chance of encountering malware in a PC bought with pirated software is 61%.

This is exacerbated by 30% of CIOs and IT managers buying computers from non-brand suppliers or national stores and 26% having no regular process to install security updates.

This is exacerbated even further by the fact that 27% of employees have installed software on their work devices in the past two years without the knowledge of the enterprise IT department.

The study found that almost 20% of the pirated software in enterprises is installed by employees.

“This is something any CIO or CISO will want to stamp out immediately,” said Gantz at a briefing at Microsoft’s Cybercrime Center in Redmond, Washington.

Biplab Sikdar, professor in the department of computer engineering at NUS, said: “It is hugely concerning that brand new PCs are coming pre-infected with dangerous malware due to pirated software, making the users and companies readily vulnerable to security breaches.

“The university’s forensic tests clearly indicate how cybercriminals are increasingly leveraging the unsecure supply chain of piracy to spread malware and compromise PC security in a serious way. We would only recommend usage of genuine software for online safety and cybersecurity,” said Sikdar.

The study found that of the sample computers, 49% had real-time protections turned off, 43% had Windows Update turned off, 38% did not have the Internet Explorer default page, and 34% had Windows Defender turned off.

IDC estimates that governments could lose more than $50bn in 2014 through costs associated with malware on pirated software.

A poll of government officials around the world revealed that 46% believe this problem is not well understood by top government officials.

Bonnie MacNaughton, assistant general counsel at Microsoft, said this lack of awareness is one of the reasons the Microsoft Cybercrime Center is working with governments.

“We want to increase awareness at all levels of government as well as among enterprises and consumers about the prevalence of malware in counterfeit software,” she said.

The results of the joint IDC and NUS study were released as part of Microsoft’s “Play It Safe” campaign, a global initiative to create greater awareness of the connection between malware and piracy.

“The research shows that legitimate software and buying computers and software only from trusted sources could significantly reduce the threat,” said Gantz.

He expressed hope that cyber security may become the most meaningful deterrent to the use of counterfeit software, especially by business.

Gantz said important first steps in reducing the threat of malware in counterfeit software in the enterprise include introducing software asset management, conducting frequent software audits, and using multiple security tools.

“The study showed that when the NUS scanned the sample computers with five different anti-malware products, not all threats were detected by all products all of the time,” he said.

Although there is some evidence that awareness about the dangers of counterfeit software is increasing, Gantz said not all organisations fully understand that the risk far outweighs any apparent initial savings.

“Using pirated software is like walking through a field of landmines: You don’t know when you’ll come upon something nasty, but if you do it can be very destructive,” he said.

According to Gantz, the potential losses could leave once-profitable businesses on shaky ground. “Buying legitimate software is less expensive in the long run — at least you know that you won’t get anything ‘extra’ in the form of malware,” he said.

Further underlining the link between counterfeit software and malware, the study showed that of a sample of 50 software discs bought from channel sources, 61% were infected with malware.

“This is consistent with Microsoft studies in the past five years that have found over half of software from non-trusted sources include some form of malware,” said MacNaughton.
